similar to: netfilter+libvirt=(smth got broken?)

Hi, Over the past few days I've been trying to get a prototype working of a stateful firewall for a Virtual Machine using Libvirt's network filters. My goal is to replace the current custom Python/Java code in the Apache CloudStack [0] project by Network Filters of Libvirt. Both IPv4 and IPv6 should work, but I started off with IPv4 and I have issues with accepting back

Hi, I contact you as i have difficulties to use nwfilter with KVM host. I want to implemente flow filtering between my Linux guests. I created the following filter : cat admin-dmz-internet.xml <filter name='admin-dmz-internet'> <!-- this zone is an SSH ingoing only zone --> <!-- but SSH can go to an other SSH proxy --> <filterref

Hi, I'm trying to configure nwfilter for KVM, but so far I haven't managed to figure out a working configuration. Network setup: The dom0 (Debian 7.1, kernel 3.2.46-1, libvirt 0.9.12) is connected via eth0, part of the external subnet 192.168.17.0/24, and has an additional subnet 192.168.128.160/28 routed to its main address 192.168.17.125. The host's subnet is configured as bridge

Hi all, I've got a problem with nwfilters/iptables. For one of my guest's interfaces, I have established the following filter: --8<---------------cut here---------------start------------->8--- <filter name='p-mgmt' chain='root'> <uuid>94fdd15b-b380-ba8c-6685-91206829adc7</uuid> <filterref filter='clean-traffic'/> <rule

Il giorno lun, 02/09/2019 alle 08.26 +0100, Rowland penny via samba ha scritto: > > set 01 22:36:56 s-addc.studiomosca.net named[639]: samba_dlz: > > cancelling transaction on zone studiomosca.net > > That is showing that a client isn't being allowed to update a record. Is it possible to cure it in some way? > > [2] ----[smb.conf] > > > Please do not post

On Wed, 24 Apr 2019 at 06:01, likun <kun.li at ucarinc.com> wrote: > Hi?guys. > > There is a wierd problem with iptables recently, hopes somebody can help > me. > > I have installed Centos 7.2.1511 on a bare metal Dell server these days, > disabled firewalld and enabled iptables.services, and setup a group of very > simple rules, as the following: > > I believe

Hi?guys. There is a wierd problem with iptables recently, hopes somebody can help me. I have installed Centos 7.2.1511 on a bare metal Dell server these days, disabled firewalld and enabled iptables.services, and setup a group of very simple rules, as the following: # iptables-save # Generated by iptables-save v1.4.21 on Tue Apr 23 09:15:14 2019 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT

Hello, Stephen, thank you for input. Yes, these servers have the same firewall rules, and both of them have the same problem from time to time, most of time they are good. Actually, these servers are newly installed to be used as the Glusterfs storage server, so not much data flowing at this time. >From the sysctl output, I suppose it can't be a conntrack table overflow :

Rowland, Did some editing in smb.conf that I had to reverse. Now I'm back to being able to connect with the firewall disabled. When I enable the firewall I get as far as windows network -> workgroup but no connection. I have only the rules you recommended in your last email. Louis, The information you requested is below: martin at radio:~$ dpkg -l|egrep "iptables|ufw" ii 

I received the following bug report for the Debian rsync package today. I wouldn't have expected 2.6.4 to refuse to talk to even a 2.6.2 in this way... Perhaps Wayne could comment? Paul Slootman On Tue 26 Apr 2005, Alexey Feldgendler wrote: > > Rsync fails to push filters to the the remote host if the remote rsync > is older than the Debian's. I've tried to connect to a

https://bugzilla.netfilter.org/show_bug.cgi?id=1423 Bug ID: 1423 Summary: iptables-translate silently discards --ctstate DNAT Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: iptables over nftable

Rowland, OK. Should I delete these lines? diff yours mine 63d62 yours# -A ufw-after-logging-output -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " 85,87d83 yours# -A ufw-before-logging-forward -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW AUDIT] " yours# -A ufw-before-logging-input -m conntrack

https://bugzilla.netfilter.org/show_bug.cgi?id=917 Summary: Kernel OOPS on Kernel 3.14.2 Product: netfilter/iptables Version: unspecified Platform: x86_64 OS/Version: Debian GNU/Linux Status: NEW Severity: critical Priority: P5 Component: NAT AssignedTo: netfilter-buglog at lists.netfilter.org

On Tue, Jun 20, 2017 at 02:26:59AM -0400, Travis S. Johnson wrote: >Hello, > >I came across an interesting problem in my home lab a few weeks ago as I'm >prepping for my RHCE exam using Michael Jang study guide. I've been at this >for days now, and I still can't wrap my head around how two or more virtual >networks in default NAT configuration are even allowed to

On Wed, 6 Feb 2019 16:05:40 -0500 Martin McGlensey via samba <samba at lists.samba.org> wrote: > Rowland, > > Did some editing in smb.conf that I had to reverse. Now I'm back to > being able to connect with the firewall disabled. When I enable the > firewall I get as far as windows network -> workgroup but no > connection. I have only the rules you recommended in

Louis, Made the changes. Still unable to mount office. Firewall also blocks Thunderbird mail and maybe internet. Will check that more fully later.Any thoughts ob Tony's response? Outputs: martin at radio:/etc$ sudo apt-get install ufw Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no

Hello. I'm getting trouble with the ADMINISABSENTMINDED option, it doesn't seem to work as stated in the manual. When using the default ADMINISABSENTMINDED=Yes and no routestopped file, here are the firewall state after executing shorewall stop : Chain INPUT (policy DROP 473 packets, 106K bytes) pkts bytes target prot opt in out source destination

Yes, Try this ( copy past-able. ) ufw disable ufw reset ufw limit 22/tcp ufw allow in proto tcp from any port 389,1024:65535 to any port 1024:65535 ufw allow 139,445/tcp ufw allow 137,138/udp ufw --force enable Sorry for the late reply, but im bit busy with some servers here. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org]

https://bugzilla.netfilter.org/show_bug.cgi?id=874 Summary: Any conntrack conditions specified with --ctstate INVALID are not checked Product: iptables Version: 1.4.x Platform: All OS/Version: All Status: NEW Severity: normal Priority: P5 Component: iptables AssignedTo:

http://bugzilla.netfilter.org/show_bug.cgi?id=712 Summary: iptables-save does not save correcly rateest bps parameter Product: iptables Version: unspecified Platform: x86_64 OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: unknown AssignedTo: